<div>Hi Andreas, Hi All,</div>
<div> </div>
<div>During the last two weeks, I did an interesting test, which is described as follows.</div>
<div> </div>
<div>1) I established an IPsec tunnel using strongSwan over an IP-in-IP tunnel (that means two tunnels have been established);</div>
<div> </div>
<div>2) In these two tunnels, I used the same inner IP as the original IP (that means their IPs are the same);</div>
<div> </div>
<div>3) I use the Linux kernel 2.6.28 with the following patches and have enabled the IPsec-related kernel options.</div>
<div>
<table border="1" rules="cols" cellspacing="0" cellpadding="4" width="4824" frame="lhs">
<colgroup>
<col width="544">
<col width="4263">
</colgroup>
<tbody>
<tr valign="top">
<td width="544">
<p class="cjk" align="center"><b>1</b></p></td>
<td width="4263">
<p class="cjk" align="left">SKB true size problem; detailed information can be found at:</p>
<p class="cjk" align="left"><a href="http://patchwork.kernel.org/patch/11964/">http://patchwork.kernel.org/patch/11964/</a></p>
</td></tr>
<tr valign="top">
<td width="544">
<p class="cjk" align="center"><b>2</b></p></td>
<td width="4263">
<p class="cjk" align="left">IPv6 stack problem; detailed information can be found at:</p>
<p class="cjk" align="left"><a href="http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304">http://kerneltrap.org/mailarchive/linux-netdev/2008/11/25/4231304</a></p>
</td></tr></tbody></table> </div>
<div>4) After the two tunnels were established successfully, I initiated a ping from host{A} to host{B}. The ICMP reply packets cannot be seen on the console, but I can see these packets in the captured list of tcpdump (tcpdump -i ip-in-ip).</div>
<div> </div>
<div>So I am wondering whether this scenario (IPsec tunnel mode over IP-in-IP tunnel mode) can be supported by Linux kernel 2.6.28 or a later version of the kernel.</div>
<div> </div>
<div>Do I need to apply some patches to support this scenario (IPsec tunnel mode over IP-in-IP tunnel mode)?</div>
<div> </div>
<div>I look forward to your answer, thanks a lot!</div>
<div> </div>
<div>Cheers,</div>
<div>David Morris</div>